I haven't seen this, but from the description and the steps people are saying you need to take to fix it, it sounds like a malicious ad on one or more websites may have managed to install itself as a service worker, which means it can run every time you visit that website again until you clear all cached data for the site in question.

Actually, when I look more closely at your screenshot, I see that you're not actually on The Washington Post's website. You're on d2bqvm6ajgzddu.cloudfront.net. It's displaying what appears to be content from The Washington Post, but if you look closely at the bottom of the screen you can see some sort of footer with an ad network image.

In this case my guess is that you may have clicked a link thinking you were visiting The Washington Post, but it actually took you to this wrapper that injects malicious ads on top of WaPo content.

It's also possible that you got redirected here somehow from a legitimate URL.

99% chance this is coming from an ad unit on the WAPO site. Auto redirects and app installs are THE WORST. This is one of the reasons ad blockers are becoming a thing.

On the digital publishing side of the table as the keeper of ad inventory I've had to deal with these bad actors in the past.

What's likely happening is that WaPo is monetizing via banner ads. Wapo allows 3rd party networks to fill the advertising space they can't sell themselves. The 3rd party networks have their own set of direct buyers and sometimes they also have a set of sub-networks they allow to access their ad inventory. Some spam buyers will access premium inventory as a network within a network and display low quality ads and if they're clever actually are able to take over the browser and insert a pop-up like you're seeing or even worse redirect users to the app store to try and get the user to download apps etc. Affiliates for Uber and Clash of Clans were the worst culprits a few years ago.

Interesting. I was reading the article and had scrolled down to read more when this screen happened. I notice it displays nav to get back to Gmail in the upper left, but I checked and the stories in my email do not lead to this URL. Also, as I scroll in Chrome to read more, the field that displays the URL goes away.

I think you are correct. The only time I see stuff like that is when the link I'm looking at is not the original link to the article, e.g. cloudfront.net instead of the wapo site. The Weblock app helps to block ads.

As for wapo -- I use one of the wapo apps. I subscribe so I never see ads.

I wonder if running Malwarebytes on your iphone would catch this. I run it both on my Windows computer and on my phone (Android). I think the monthly fee is reasonable. https://www.malwarebytes.com/ios/

iOS malware on non-jailbroken iPhones is virtually nonexistent. There are basically only two infection vectors: App Store apps and websites, both of which are heavily controlled and sandboxed.

Typically what happens is that a website manages to do something naughty, but only while that site is open (like in the case of Chris's malicious ads) or an app manages to sneak something naughty past the App Store reviewers, but can't escape its sandbox (so it only works while the app is open) and gets shut down as soon as Apple catches on.

The worst case scenario is that a website exploits a vulnerability in Safari that allows it to execute arbitrary code with local privileges, but this is extremely difficult, rare, and Apple patches these kinds of exploits quickly.

Usually when people talk about "malware" on iOS, what they really mean is a website or app that displays trashy, annoying ads, like what Chris is seeing. It's not the same thing as malware on Android, macOS, or Windows where malicious software can actually run in the background on your system doing evil things.

Don't miss a post

Follow this conversation to get notified about new posts. Find it later in the "Following" feed.